[26570] in bugtraq


RE: Bypassing cookie restrictions in IE 5+6

daemon@ATHENA.MIT.EDU (Christopher G. Lewis)
Tue Aug 6 21:42:43 2002

Message-ID: <30A1CC2AEEA14F42B6D27660760C81F1081649@ntlewis10.ChristopherLewis.com>
From: "Christopher G. Lewis" <Chris@ChristopherLewis.com>
To: Jelmer <jelmer@kuperus.xs4all.nl>, bugtraq@securityfocus.com
Date: Tue, 6 Aug 2002 15:21:48 -0500 
MIME-Version: 1.0
Content-Type: text/plain

Jelmer  - 

> Bypassing cookie restrictions in IE 5+6
> 
> Description
  <snip>
> This behaviour completely ignores the privacy settings and allows 
> website owners and advertisers to start tracking your every move once 
> again.
  <snip>
> Workaround:
> 
> disable active scripting

If you turn off userdata persistence in the security zone, you can
completely turn off userdata.
Tools|Internet Options
  Security Tab
  Custom Level Button
    <last option in Miscellaneous>
    Userdata persistence
      <set to>Disable

But yes, MS should use the "Per-Site Privacy Actions" that are available
with cookies for UserData.

Chris

> -----Original Message-----
> From: Jelmer [mailto:jelmer@kuperus.xs4all.nl]
> Sent: Saturday, August 03, 2002 8:43 PM
> To: bugtraq@securityfocus.com; secure@microsoft.com
> Subject: Bypassing cookie restrictions in IE 5+6
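
The per-zone setting described in the reply above can also be audited from a script. The following PowerShell is an added example, not part of the original message. It assumes "Userdata persistence" is stored per zone as URL action 1606 (0 = Enable, 3 = Disable) under the current user's Internet Settings\Zones key; the parameter names are hypothetical.

```powershell
# Added example: report "Userdata persistence" for each IE security zone and,
# with -Enforce, set it to Disable in the chosen zones (default: Internet).
# Assumption: the option is URL action 1606; 0 = Enable, 3 = Disable.
param(
    [switch]$Enforce,          # hypothetical switch: write the Disable value
    [int[]]$Zones = @(3)       # hypothetical parameter: zones to enforce on
)

$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$action  = '1606'   # Userdata persistence
$disable = 3

foreach ($zone in 0..4) {
    $key = Join-Path $zonesRoot "$zone"
    if (-not (Test-Path $key)) { continue }

    # A missing value means the zone's built-in default applies.
    $current = (Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue).$action
    if     ($null -eq $current)    { $state = 'Not set (zone default applies)' }
    elseif ($current -eq 0)        { $state = 'Enabled' }
    elseif ($current -eq $disable) { $state = 'Disabled' }
    else                           { $state = "Other value ($current)" }

    $changed = $false
    if ($Enforce -and ($Zones -contains $zone) -and ($current -ne $disable)) {
        Set-ItemProperty -Path $key -Name $action -Value $disable -Type DWord
        $changed = $true
    }

    [pscustomobject]@{
        Zone     = $zone
        Name     = $zoneNames[$zone]
        UserData = $state        # state found before any change
        Changed  = $changed
    }
}
```

Run without arguments to report only. These are per-user values, so zone settings pushed by policy can still take precedence.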
